Skip to content
/ mac-osx-forensics Public

Automatically exported from code.google.com/p/mac-osx-forensics

27 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jjarava/mac-osx-forensics

BranchesTags

Repository files navigation

mac-osx-forensics

Automatically exported from code.google.com/p/mac-osx-forensics

Mac OS X Forensics tools cloned from https://code.google.com/p/mac-osx-forensics on January 12th, 2016

By jjarava

Original project "Readme.md" (or home page info) follows:

Python scripts to check some Mac OS X files.

  • asl.py: Apple System Log parsers (/private/var/log/asl).
  • bsm.py: Basic Security Module (/private/var/audit/).
  • kcpass.py: Decrypt the password store in "/etc/kcpassword" when autologin session is enabled.
  • utmpx.py: UTMPX session file (/private/var/run/utmpx).
  • cups_ipp.py: CUPS IPP Control files parser.
  • plist_artifacts.py: Parsing a group of Plist files that contain timestamp values.
  • plist_user.py: Mac OS X 10.8 and 10.9 users configuration.
  • mac_recent.py: The last open files with the partial bookmark parsed.

Important

Please, remember that most of them are going to be well developed in the PLASO project (http://plaso.kiddaland.net/).
They are only a proof of concept!!!!

RHUL M.Sc. Information Security dissertation project. Author: Joaquin Moreno Garijo

About

Automatically exported from code.google.com/p/mac-osx-forensics

Resources

Readme
Activity

Stars

27 stars

Watchers

3 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages